1. Overview
Confidential Agent Guardrail ("the Extension") is a browser extension that detects and prevents sensitive data leaks before users submit prompts to AI platforms such as ChatGPT, Claude, and Gemini. This Privacy Policy explains what data is processed, how it is used, and your rights as a user.
2. Data We Process
The Extension processes the following data locally in your browser before any analysis:
- Prompt content: Text you type in AI platform input fields is analyzed for sensitive patterns (API keys, passwords, personal data, etc.) before submission.
- Extension settings: Your API endpoint URL and enabled platform preferences are stored locally in browser storage. No settings are transmitted to third parties.
- Incident logs: When a sensitive pattern is detected, a redacted incident record (never the raw prompt) may be sent to your configured API endpoint for audit purposes.
3. Data We Do NOT Collect
- We do not collect browsing history.
- We do not store raw prompt content on any server.
- We do not share any data with third parties.
- We do not use data for advertising or profiling.
- We do not collect personally identifiable information.
4. Permissions Used
- activeTab: To intercept and analyze input fields on the currently active AI platform tab only.
- storage: To save your extension preferences (API URL, enabled platforms) locally in your browser.
- scripting: To inject the content script into supported AI platform pages to enable prompt interception.
- tabs: To detect the current platform URL and apply platform-specific security configurations.
- Host permissions (chat.openai.com, claude.ai, gemini.google.com, facebook.com): Required to inject the content script on these specific AI platforms only.
5. Data Retention
Extension preferences stored locally are retained until you uninstall the extension or clear your browser data. Incident logs sent to your configured API endpoint are subject to your own data retention policy.
6. Security
All communication between the Extension and your configured API endpoint is performed over HTTPS. Sensitive values detected in prompts are redacted before being stored in any log. Raw prompt content is never persisted on any server.
7. Your Rights
Under the GDPR and applicable data protection laws, you have the right to access, rectify, and delete any personal data we hold. Since we do not collect personally identifiable information, there is no personal data to access or delete. You may uninstall the extension at any time to remove all locally stored preferences.
8. Contact
For any privacy-related questions, please contact us at tnbsoftlab@gmail.com.
9. Changes to This Policy
We may update this Privacy Policy from time to time. Any changes will be posted on this page with an updated revision date. Continued use of the Extension after changes constitutes acceptance of the updated policy.
